What are the most important security features protecting assets moved with Media Shuttle?

Building on the core Transport Layer Security (TLS) built into the Signiant transfer protocol, Media Shuttle contains a variety of security features that adhere to the information assurance principle of “defense in depth”. A defense-in-depth design strategy incorporates several security controls for a system so that multiple security failures must occur before an attacker can gain access to critical resources. Two key components of this strategy are the principles of “least privilege” and “secure by default”. Least privilege works on the basis that every task in the system should be performed with the least privileges possible both in terms of scope of resources and duration of time that resources can be accessed. A corollary of least privilege is that mechanisms used to control access to resources should never be shared. A system is secure by default when the default settings put the system in a secure state, ensuring that overt action must be taken to disable security features. Using these basic principles, Media Shuttle has been designed with five key security features:

➜ Storage Control: The first Media Shuttle security element is provided by the hybrid SaaS nature of Media Shuttle: customers can store their files on-premises or in the cloud, while the software that orchestrates the file movement is a true cloud-native SaaS offering. The content storage itself is always under the customer’s control. This eliminates the security risk of popular consumer online file sharing services, since customer files are never stored in the same file system or cloud storage tenancy as other people’s files. The advantages of segregated storage are numerous, but from a security perspective it provides an extra layer of containerization.

The second key security feature begins with the creation of a customer account and assignment of top-level administrators for the account. The next step is to set up and associate file transfer servers with the account. Each transfer server installation securely binds with the cloud tier and the customer account using a one-time setup key generated by the cloud tier for this purpose. This one-time key is used to securely establish and exchange security credentials, which are then used to validate and encrypt all future communication between the cloud and the transfer server. Once transfer servers are registered with an account, the administrator can create new portals that allow communities of users to securely exchange files. Each portal is associated with a specific area of storage visible to a transfer server or visible to a set of redundant transfer servers. ‘Share’ portals are configured so that portal users can browse the associated storage.
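
The one-time setup key binding described above, sketched as an added example (not Signiant's code or protocol): a hypothetical `CloudTier` class issues a single-use, expiring setup key, exchanges it once for long-term credentials, and then validates later messages with an HMAC. All names, the 15-minute key lifetime and the HMAC scheme are assumptions; encryption of the channel is left to TLS.

```python
import hashlib
import hmac
import secrets
import time


class CloudTier:
    """Hypothetical cloud-side enrollment service (assumption, not Signiant's design)."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._pending = {}  # sha256(setup key) -> (account_id, expiry); raw key never stored
        self._servers = {}  # server_id -> (account_id, long-term secret)

    @staticmethod
    def _digest(setup_key):
        return hashlib.sha256(setup_key.encode()).hexdigest()

    def issue_setup_key(self, account_id, now=None):
        now = time.time() if now is None else now
        setup_key = secrets.token_urlsafe(32)  # 256 random bits, shown to the admin once
        self._pending[self._digest(setup_key)] = (account_id, now + self.ttl)
        return setup_key

    def redeem(self, setup_key, now=None):
        """Exchange a setup key for long-term credentials; None if unknown, used or expired."""
        now = time.time() if now is None else now
        record = self._pending.pop(self._digest(setup_key), None)  # pop makes it single-use
        if record is None or now > record[1]:
            return None
        server_id, secret = secrets.token_hex(8), secrets.token_bytes(32)
        self._servers[server_id] = (record[0], secret)
        return {"account_id": record[0], "server_id": server_id, "secret": secret}

    def verify(self, server_id, message, tag):
        """Validate a later message from a bound server; returns its account or None."""
        entry = self._servers.get(server_id)
        if entry is None:
            return None
        expected = hmac.new(entry[1], message, hashlib.sha256).digest()
        return entry[0] if hmac.compare_digest(expected, tag) else None


def sign(credentials, message):
    """Transfer-server side: authenticate a message with the long-term secret."""
    return hmac.new(credentials["secret"], message, hashlib.sha256).digest()
```

Because the setup key is consumed on first use and only its digest is kept while pending, a key recovered later from an installer log or a database dump cannot bind a second server to the account.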